I am working with Node.js and want to delete all cookies for the browser, for my domain. What would be the best way to do this? Just set them to expire, or is there another trick?
Asked
Active
Viewed 2.1k times
4
-
It would help if you explained why you want to do this. If it's because you put some data in the cookie that you didn't want the user to have, then there's not much you can do because there's nothing stopping the user from making a copy of the cookie, for example. – 1.618 Mar 04 '15 at 23:40
-
I am working with a legacy server, and a new Node.js server. The session is being set by the Node.js server, and the legacy server is reading the browser's cookies to confirm authenticity. On logout, I want to delete the user's cookies, so on either server we see absence of cookies = logged out. – chapinkapa Mar 05 '15 at 00:13
-
So, I want to delete the cookies to log the user out. – chapinkapa Mar 05 '15 at 00:15
-
How would the legacy server handle an empty cookie? I don't think you can delete a cookie, but you could overwrite it. Did you see this: http://stackoverflow.com/questions/5285940/correct-way-to-delete-cookies-server-side?rq=1 – 1.618 Mar 05 '15 at 00:28
-
On any request that required authentication, the legacy server would make sure that there was a cookie, otherwise the request would be considered unathenticated. I did checkout that post, but that is 4 years old and wanted to see if there was a better way now. – chapinkapa Mar 05 '15 at 01:31
1 Answers
11
This is quite late, but there is a clearCookie() method on the Express response object. No need to use tricks, or artificially expire the cookie. Documentation here: https://expressjs.com/en/4x/api.html#res.clearCookie
warriorpostman
- 2,268
- 2
- 16
- 26
-
Spoiler: *res.clearCookie('name');* This appears to work before throwing an exception as well. :) Thanks! – Buchannon Oct 28 '20 at 17:45